Spring gRPC Promoted!
It's a few months since we had a blog about Spring gRPC that wasn't just a release announcement. This one marks the first release since the project was promoted from experimental to a full member of the Spring Portfolio. This doesn't change the way you consume the project, but it has some...
CVE-2024-9358 ThingsBoard HTTP RPC API resource consumption
A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is...
GHSA-32WX-4GXX-H48F Users can edit the tags of any discussion
This advisory concerns a vulnerability which was patched and publicly released on October 5, 2020. Impact This vulnerability allowed any registered user to edit the tags of any discussion for which they have READ access using the REST API. Users were able to remove any existing tag, and add any t...
Updated dovecot packages fix security vulnerabilities
It was discovered that Dovecot incorrectly handled certain IMAP hibernation commands. A remote authenticated attacker could possibly use this issue to access other users’ email (CVE-2020-24386). Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could...
FreeBSD : MySQL -- Multiple vulnerabilities (0ed71663-c369-11ea-b53c-d4c9ef517024)
Oracle reports : This Critical Patch Update contains 40 new security patches for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabiliti...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 40 new security patches for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...
MGASA-2020-0280 Updated libvncserver packages fix security vulnerability
Updated libvncserver packages fix security vulnerabilities: libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename (CVE-2019-20839). libvncserver/rfbregion.c had a NULL pointer dereference (CVE-2020-14397). Byte-aligned data was accessed through uint32_t pointers in...
Oracle Ties Previous All-Time Patch High with January Updates
Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update (CPU). Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle’s previous all-time high for number of patches issued, in Ju...
OCS Inventory NG ocsreports 2.4 Cross Site Scripting
Affected Products: OCSInventory-ocsreports 2.4 (older releases have not been tested). References: https://www.secuvera.de/advisories/secuvera-SA-2017-03.txt (used for updates); https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/ (release announcement of OCS Inventory 2.4.1)...
Updated roundcubemail packages fix security vulnerability
The roundcubemail package has been updated to version 1.0.7, which fixes an XSS issue in drag-and-drop file uploads and other bugs. See the upstream release announcement for more details...
Updated libebml packages fix security vulnerability
In EbmlMaster::Read in libebml before 1.3.3, when the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting i...
Updated cyrus-imapd packages fix security vulnerabilities
Updated cyrus-imapd packages fix security vulnerability: The cyrus-imapd package has been updated to version 2.4.18, fixing a security issue with a urlfetch range starting outside the message range, as well as several other bugs. See the upstream release announcement for details...
Updated mediawiki packages fix security vulnerabilities
The mediawiki package has been updated to version 1.23.10, which fixes multiple security issues and other bugs. See the release announcement for more details...
Updated wordpress packages fix security vulnerabilities
Multiple vulnerabilities in WordPress before 3.9.2, including denial of service and information disclosure issues related to XML entity expansion. The wordpress package has been updated to version 3.9.2 to fix these issues. See the release announcement for more details...
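The WordPress entry above names the bug class (entity expansion in XML input) but not the mitigation. As an added example, not code from WordPress or from the advisory, the function below shows the usual defence: abort the parse as soon as the document declares any entity, which happens before a single reference to that entity can be expanded. The sample "billion laughs" payload and the benign XML-RPC-style document are constructed for this illustration.

```python
"""Refuse XML documents that declare their own entities.

Added example (not WordPress code): entity-expansion DoS payloads such as
"billion laughs" work by declaring entities that reference each other, then
referencing the outermost one in content.  Expat invokes the entity-declaration
handler while it is still reading the DOCTYPE, so raising there stops the
document before any expansion starts.
"""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class EntityDeclarationError(ValueError):
    """Raised when the document's DOCTYPE declares an entity."""


def parse_without_entities(xml_bytes: bytes) -> ET.Element:
    """Parse xml_bytes, or raise EntityDeclarationError if it declares entities.

    Two passes: a bare expat parser walks the prolog and trips on the first
    <!ENTITY ...> declaration (internal or external, general or parameter);
    only a document that survives that pass is handed to ElementTree.
    """

    def on_entity_decl(entity_name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        # Fires on the declaration itself, before any &name; in content is seen.
        raise EntityDeclarationError(
            f"refusing document: declares entity {entity_name!r}")

    scanner = expat.ParserCreate()
    scanner.EntityDeclHandler = on_entity_decl
    scanner.Parse(xml_bytes, True)  # raises expat.ExpatError on malformed XML

    # No entity declarations present; the ordinary parser is safe to use.
    return ET.fromstring(xml_bytes)


def is_safe_xml(xml_bytes: bytes) -> bool:
    """True if the document parses and declares no entities, else False."""
    try:
        parse_without_entities(xml_bytes)
    except (EntityDeclarationError, expat.ExpatError, ET.ParseError):
        return False
    return True


# Constructed samples for demonstration.
BENIGN_REQUEST = (
    b"<?xml version='1.0'?>"
    b"<methodCall><methodName>demo.sayHello</methodName></methodCall>"
)

# Classic "billion laughs": each level references the previous one ten times.
BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""

if __name__ == "__main__":
    print("benign accepted:", is_safe_xml(BENIGN_REQUEST))
    print("billion laughs rejected:", not is_safe_xml(BILLION_LAUGHS))
```

Rejecting on declaration rather than on expansion is deliberate: the payload's cost is paid during expansion, so a check that inspects the expanded tree has already lost. The same handler also catches external entity declarations (SYSTEM/PUBLIC), which covers the information-disclosure side of the advisory.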
PacketFence 3.2.0 released
The PacketFence development team has published version 3.2.0 of its open source network access control (NAC) system. PacketFence allows organisations to increase control over their network by enforcing authentication and registration for newly connected devices. It also...
Linux Kernel 3.1 RC2 Released
Linus Torvalds has announced the release of Linux kernel 3.1 rc2. There isn't too much to see and Linus notes that this is a fairly calm release for coming just one week after the close of the Linux 3.1 kernel merge window. As LKML is down at the moment, below is the...
MODx Evo 1.0.4 (and prior) SQL Injection and Directory Traversal Vulnerabilities
Status: Solved. Product: MODx Evolution. Severity: High. Versions: 1.0.4 and prior. Advisory Date: 2011-01-26. Fixed Date: 2011-01-19. Impact: (a) A remote attacker may access or view arbitrary files on the server. (b) A remote attacker may execute arbitrary PHP code as a result of SQL injection. Descripti...
Fedora 11 : poppler-0.10.7-2.fc11 (2009-6972)
An update to the latest stable upstream release fixing many bugs, as well as addressing several security issues. Release announcement, http://lists.freedesktop.org/archives/poppler/2009-May/004721.html Note that Tenable Network Security has extracted the preceding description block directly from...
[ANNOUNCE][SECURITY] Apache 2.0.47 released
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache 2.0.47 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the tenth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.47 as compared to 2.0.46...
[SECURITY] [ANNOUNCE] Apache 2.0.46 released
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache 2.0.46 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the ninth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.46 as compared to 2.0.45...